ID

VAR-200512-0001


CVE

CVE-2005-1939


TITLE

IPSwitch WhatsUp Small Business 2004 Reporting Service Directory Traversal Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-705

DESCRIPTION

Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). Successful exploitation could allow a remote attacker to gain access to files outside the Web root. Sensitive information may be obtained in this manner. A remote attacker can read any document.

Example: http://[host]:8022/../../../../../[file]

SOLUTION: Restrict access to the vulnerable service.

PROVIDED AND/OR DISCOVERED BY: Independently discovered by:
* Dennis Rand, Cirt.dk.
* Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research: http://secunia.com/secunia_research/2005-14/
Cirt.dk: http://cirt.dk/advisories/cirt-40-advisory.pdf

Trust: 1.35

sources: NVD: CVE-2005-1939 // BID: 15291 // VULHUB: VHN-13148 // PACKETSTORM: 41246

AFFECTED PRODUCTS

vendor: ipswitch // model: whatsup small business // scope: eq // version: 2004

Trust: 1.9

sources: BID: 15291 // CNNVD: CNNVD-200512-705 // NVD: CVE-2005-1939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1939
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-705
value: MEDIUM

Trust: 0.6

VULHUB: VHN-13148
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1939
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-13148
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13148 // CNNVD: CNNVD-200512-705 // NVD: CVE-2005-1939

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-705

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200512-705

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13148

EXTERNAL IDS

db: BID // id: 15291

Trust: 2.0

db: NVD // id: CVE-2005-1939

Trust: 2.0

db: SECUNIA // id: 15500

Trust: 1.8

db: SECTRACK // id: 1015141

Trust: 1.7

db: CNNVD // id: CNNVD-200512-705

Trust: 0.7

db: XF // id: 22969

Trust: 0.6

db: SEEBUG // id: SSVID-80099

Trust: 0.1

db: EXPLOIT-DB // id: 26464

Trust: 0.1

db: VULHUB // id: VHN-13148

Trust: 0.1

db: PACKETSTORM // id: 41246

Trust: 0.1

sources: VULHUB: VHN-13148 // BID: 15291 // PACKETSTORM: 41246 // CNNVD: CNNVD-200512-705 // NVD: CVE-2005-1939

REFERENCES

url:http://cirt.dk/advisories/cirt-40-advisory.pdf

Trust: 2.1

url:http://www.securityfocus.com/bid/15291

Trust: 1.7

url:http://secunia.com/secunia_research/2005-14/advisory/

Trust: 1.7

url:http://securitytracker.com/id?1015141

Trust: 1.7

url:http://secunia.com/advisories/15500

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/22969

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/22969

Trust: 0.6

url:http://www.ipswitch.com/products/whatsup/small_business/index.asp

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/secunia_research/2005-14/

Trust: 0.1

url:http://secunia.com/advisories/15500/

Trust: 0.1

url:http://secunia.com/product/5163/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://[host]:8022/../../../../../[file]

Trust: 0.1

sources: VULHUB: VHN-13148 // BID: 15291 // PACKETSTORM: 41246 // CNNVD: CNNVD-200512-705 // NVD: CVE-2005-1939

CREDITS

Discovery credited to Dennis Rand.

Trust: 0.9

sources: BID: 15291 // CNNVD: CNNVD-200512-705

SOURCES

db: VULHUB // id: VHN-13148
db: BID // id: 15291
db: PACKETSTORM // id: 41246
db: CNNVD // id: CNNVD-200512-705
db: NVD // id: CVE-2005-1939

LAST UPDATE DATE

2024-08-14T14:59:16.727000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-13148 // date: 2017-07-11T00:00:00
db: BID // id: 15291 // date: 2005-11-03T00:00:00
db: CNNVD // id: CNNVD-200512-705 // date: 2006-01-17T00:00:00
db: NVD // id: CVE-2005-1939 // date: 2017-07-11T01:32:45.127

SOURCES RELEASE DATE

db: VULHUB // id: VHN-13148 // date: 2005-12-31T00:00:00
db: BID // id: 15291 // date: 2005-11-03T00:00:00
db: PACKETSTORM // id: 41246 // date: 2005-11-03T23:53:57
db: CNNVD // id: CNNVD-200512-705 // date: 2005-12-31T00:00:00
db: NVD // id: CVE-2005-1939 // date: 2005-12-31T05:00:00